-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
4.17, 4.18, 4.19
-
Quality / Stability / Reliability
-
False
-
-
None
-
Moderate
-
Yes
-
None
-
None
-
Rejected
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
External dns works fine in Aws Gov cluster, but it got issues in STS cluster. When the we create the external DNS, even though we able to create it, but getting WebIdentityErr error time="2025-02-12T11:18:40Z" level=error msg="Failed to do run once: soft error\nrecords retrieval failed: soft error\nfailed to list hosted zones: WebIdentityErr: failed to retrieve credentials\ncaused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity\n\tstatus code: 403, request id: 311bd17f-c0ef-465a-8de4-b227dcdb0d0a"
Version-Release number of selected component (if applicable):
How reproducible:
100%
Steps to Reproduce:
1. Build and deploy ExtDNS in AWS STS gov region 2. Check the logs of extdns operand pod.
Actual results:
time="2025-02-12T11:18:40Z" level=error msg="Failed to do run once: soft error\nrecords retrieval failed: soft error\nfailed to list hosted zones: WebIdentityErr: failed to retrieve credentials\ncaused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity\n\tstatus code: 403, request id: 311bd17f-c0ef-465a-8de4-b227dcdb0d0a"
Expected results:
"All records are already up to date"
Additional info:
During the regression run in prowci the error was
STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: d67801b0-52fd-45b2-b2ba-cdeefd5f220e, api error InvalidClientTokenId: The security token included in the request is invalid.
https://reportportal-openshift.apps.ocp-c1.prod.psi.redhat.com/ui/#prow/launches/all/656980/95205674/95206206/log?item1Params=filter.eq.hasStats%3Dtrue%26filter.eq.hasChildren%3Dfalse%26filter.in.type%3DSTEP%26filter.in.status%3DFAILED%252CINTERRUPTED
- causes
-
-
- New
-
- is related to
-
NE-1307 Support the standardized STS configuration flow via OLM and CCO for ALBO in OCP 4.14
-
- Closed
-
